© panacea compliance limited “simplifying complexity.....” crsa user group/forum 20 years on!...

© Panacea Compliance Limited “simplifying complexity .....”

CRSA User Group/Forum20 years on!

Darryl Clark(Founder & former Chair – “UK CRSA User Group”)


Once upon a time ............

There was a new auditing technique called “CSA”

There was lots of risk & control specialists interested

It was receiving international acclaim

And there was lots of seminars & conferences around – all packed to the rafters

BUT ...

There were very few, a handful, of actual usersTheir views were crowded out by the throng of non-users

And they had no-one to talk to.


The “UK CSA User Group”

Formed in January 1995

8 members

Members were internal auditors

Met quarterly

Very informal

Formal goals and objectives

Practitioners only


UK CSA User Group: original model


UK CRSA User Group: original objectives

Extract from Letter dated 30 January 1995


Mapping of Objectives 1995 - 2015

They’ve proved reasonably enduring ......

CRSA Forum today:-

5. acting as a catalyst for new ideas2. share diverse approaches and experiences



CRSA Forum today:-

5. acting as a catalyst for new ideas

3. identify and develop best practices



CRSA Forum today:-

5. acting as a catalyst for new ideas2. share diverse approaches and experiences



CRSA Forum today:-

4. provide a resource for CRSA users



What we didn’t have that you now do .....

“1. promote the value and benefits of CRSA in corporate governance, enterprise risk management and organisational improvement”

“6. collaborate with relevant professional bodies”


What did we talk about?

Extract from the same letter .....


Inaugural meeting: Agenda

• Welcome- reminder of why we are here, purpose of the Group- Attendees & Membership- Observation Aids• Objectives & aims- Discuss, develop, synthesise & agree• Presentation by Dave Gammon of Grand Metropolitan (formerly from Tesco)- followed by Questions Time• Long lunch!• July survey results• News/Updates- New book on CSA- My move - handout stickers• Round table• Format for future meetings- CSA presentation? Offers?- Facilitated discussion around a particular interest area?- Formation of special interest working groups?- Venue. Offers?- Date of next meeting


We used an “Observation Aid”!


CRSA: back to basics ....

Core principles:

It’s participative It’s collaborative Requires strong facilitation skills (audit/risk as control experts) The business must own the outputs Audit/risk do not own the results – but may report them It’s periodic not continuous – or for special needs It’s fuzzy – too much ’perfection-ising’ destroys it. Success = audit/risk’s role demoted to verifying the quality of the

CRSA process


Does CRSA have a role to play today?

Financial services & EU Solvency II Directive (wef 1/1/16)

Article 41(1): • “The system of governance shall be subject to regular internal review.”

Article 45(1):• “As part of its risk-management system every insurance undertaking and

reinsurance undertaking shall conduct its own risk and solvency assessment” = Own Risk & Solvency Assessment (“ORSA”)

Article 45(4) :• “The own-risk and solvency assessment shall be an integral part of the

business strategy and shall be taken into account on an ongoing basis in the strategic decisions of the undertaking.”


What does “self-assessment” mean and entail today?



ERM & CRSA - a perfect match

ISO 31000 – Risk Management: Definition of risk:“The risk of uncertainty on objectives”

CRSA begins with objectives – unlike many/most other risk approaches

ERM requires an assessment of all the organisation’s moving parts - whilst they are all moving!



Processes

Departments

Staff

ManagementStakeholders

Customers, Products &

Markets

Locations/branches/countries

ERM!



Processes

Departments

Staff

ManagementStakeholders

Customers, Products & Markets

Locations/branches/countries

• CRSA principles Participative Collaborative Ownership, and/or TEAM-BASED?

ERM!



(No “END” node)


Last slide ....

Observation• CRSA has survived!• ‘Facilitated workshops’ appear to

have faded• Principles accord with modern

management ‘style’• Regulators are making increasing

demands for internal ‘assessments’• Corporate governance is today a way

of life• ERM needs a solution to ‘hugging air’

Opportunity?CRSA is there waiting & ready to be usedA tool to ignite a resurgence in CRSA?

Resistance should be minimal

CRSA is a much-needed solution to those who’ve never heard of itCRSA is in itself evidence of a sound governance cultureCRSA is primed to come to the rescue!


Contact: Darryl ClarkEmail: [email protected]: 07818 000 282Tel: 01202 692 703

CRSA – 20 Years on

Contact: Darryl ClarkEmail: [email protected]: 07818 000 282Tel: 01202 692 703

Darryl Clark ACIS, PIIA, MSC, MA, PGDipManaging DirectorPanacea Compliance Ltd - Regulatory Consultancy & Training Specialists

mailto:[email protected]

mailto:[email protected]

© panacea compliance limited “simplifying complexity.....” crsa user group/forum 20 years on!...

Documents